SecDir: A secure directory to defeat directory side-channel attacks

Mengjia Yan, Jen Yang Wen, Christopher W. Fletcher, Josep Torrellas

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Directories for cache coherence have been recently shown to be vulnerable to conflict-based side-channel attacks. By forcing directory conflicts, an attacker can evict victim directory entries, which in turn trigger the eviction of victim cache lines from private caches. This evidence strongly suggests that directories need to be redesigned for security. The key to a secure directory is to block interference between processes. Sadly, in an environment with many cores, this is hard or expensive to do. This paper presents the first design of a scalable secure directory. We call it SecDir. SecDir takes part of the storage used by a conventional directory and re-assigns it to per-core private directory areas used in a victim-cache manner called Victim Directories (VDs). The partitioned nature of VDs prevents directory interference across cores, defeating directory side-channel attacks. The VD of a core is distributed, and holds as many entries as lines in the private L2 cache of the core. To minimize victim self-conflicts in a VD during an attack, a VD is organized as a cuckoo directory. Such a design also obscures the victim's conflict patterns from the attacker. For our evaluation, we model with simulations the directory of an Intel Skylake-X server with and without SecDir. Our results show that SecDir has a negligible performance overhead. Furthermore, SecDir is area-efficient.

Original languageEnglish (US)
Title of host publicationISCA 2019 - Proceedings of the 2019 46th International Symposium on Computer Architecture
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages332-345
Number of pages14
ISBN (Electronic)9781450366694
DOIs
StatePublished - Jun 22 2019
Event46th International Symposium on Computer Architecture, ISCA 2019 - Phoenix, United States
Duration: Jun 22 2019Jun 26 2019

Publication series

NameProceedings - International Symposium on Computer Architecture
ISSN (Print)1063-6897

Conference

Conference46th International Symposium on Computer Architecture, ISCA 2019
CountryUnited States
CityPhoenix
Period6/22/196/26/19

Keywords

  • Cache-coherence directories
  • Cuckoo hashing
  • Side-channel attacks

ASJC Scopus subject areas

  • Hardware and Architecture

Fingerprint Dive into the research topics of 'SecDir: A secure directory to defeat directory side-channel attacks'. Together they form a unique fingerprint.

  • Cite this

    Yan, M., Wen, J. Y., Fletcher, C. W., & Torrellas, J. (2019). SecDir: A secure directory to defeat directory side-channel attacks. In ISCA 2019 - Proceedings of the 2019 46th International Symposium on Computer Architecture (pp. 332-345). (Proceedings - International Symposium on Computer Architecture). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1145/3307650.3326635